Index: debian/univention-s4-connector.univention-config-registry-variables
===================================================================
--- debian/univention-s4-connector.univention-config-registry-variables	(Revision 32308)
+++ debian/univention-s4-connector.univention-config-registry-variables	(Arbeitskopie)
@@ -58,6 +58,18 @@
 Type=str
 Categories=service-adcon
 
+[con.*/s4/mapping/user/ignorelist]
+Description[de]=Definiert durch Komma separierte Benutzer, welche durch den Connector nicht synchronisert werden (Default ist root,pcpatch,ucs-s4sync)
+Description[en]=Defines a comma separated list of users whom will be ignored by the connector (default is root,pcpatch,ucs-s4sync)
+Type=str
+Categories=service-adcon
+
+[con.*/s4/mapping/group/ignorelist]
+Description[de]=Definiert durch Komma separierte Gruppen, welche durch den Connector nicht synchronisert werden (Default ist Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody)
+Description[en]=Defines a comma separated list of groups whom will be ignored by the connector (default is Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody)
+Type=str
+Categories=service-adcon
+
 [con.*/s4/ldap/base]
 Description[de]=Die LDAP-Basis-DN des Samba 4-Servers
 Description[en]=The LDAP base DN of the Samba 4 server.
Index: debian/univention-s4-connector.postinst
===================================================================
--- debian/univention-s4-connector.postinst	(Revision 32308)
+++ debian/univention-s4-connector.postinst	(Arbeitskopie)
@@ -46,7 +46,9 @@
 							   connector/debug/level?2 \
 							   connector/ad/mapping/group/language?de \
 							   connector/s4/mapping/syncmode?sync \
-							   connector/s4/mapping/sid?true
+							   connector/s4/mapping/sid?true \
+							   connector/s4/mapping/user/ignorelist?"root,pcpatch,ucs-s4sync" \
+							   connector/s4/mapping/user/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody"
 
 if [ ! -d /var/lib/univention-connector/s4 ]; then
 	mkdir -p /var/lib/univention-connector/s4
Index: conffiles/etc/univention/s4connector/s4/mapping.py
===================================================================
--- conffiles/etc/univention/s4connector/s4/mapping.py	(Revision 32308)
+++ conffiles/etc/univention/s4connector/s4/mapping.py	(Arbeitskopie)
@@ -86,8 +86,13 @@
 
 			con_search_filter='(&(objectClass=user)(!(objectClass=computer))(userAccountControl:1.2.840.113556.1.4.803:=512))',
 			match_filter='(&(|(&(objectClass=posixAccount)(objectClass=krb5Principal))(objectClass=user))(!(objectClass=univentionHost)))',
-			ignore_filter='(|(uid=root)(uid=pcpatch)(cn=pcpatch)(CN=pcpatch)(uid=ucs-s4sync)(CN=ucs-s4sync))',
-
+@!@
+ignore_filter = ''
+for user in configRegistry.get('connector/s4/mapping/user/ignorelist', 'root,pcpatch,ucs-s4sync').split(','):
+	ignore_filter += '(uid=%s)(CN=%s)' % (user, user)
+if ignore_filter:
+	print "			ignore_filter='(|%s)'," % ignore_filter
+@!@
 			ignore_subtree = global_ignore_subtree,
 			
 			con_create_objectclass=['top', 'user', 'person', 'organizationalPerson'],
@@ -261,6 +266,12 @@
 			scope='sub',
 
 			ignore_filter='(|(sambaGroupType=5)(groupType=5)(cn=Windows Hosts)(cn=Authenticated Users)(cn=World Authority)(cn=Everyone)(cn=Null Authority)(cn=Nobody))',
+@!@
+ignore_filter = ''
+for group in configRegistry.get('connector/s4/mapping/group/ignorelist', 'Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody').split(','):
+	ignore_filter += '(cn=%s)' % (group)
+print "			ignore_filter='(|(sambaGroupType=5)(groupType=5)%s)'," % ignore_filter
+@!@
 
 			ignore_subtree = global_ignore_subtree,